using disposable mailboxes for research
TRANSCRIPT
Brad Antoniewicz
Disposable Mailboxes for Research!
Cisco Umbrella, formerly OpenDNS
Hi, I’m @brad_anton
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
40% of businesses affected in the last year
$1B gross revenue in 2016
128% growth in new samples
Ransomware Sucks: commodity malware distracts researchers from cooler stuff
Email Distribution
To: Brad Antoniewicz <[email protected]>
From: Barbara Almond <[email protected]>
Received: from mail.mailexpress.com …
Subject: Invoice #0299301
Attachment: invoice01.zip
Body: Brad,
Attached is the invoice you requested.
Thanks,
Barbara
Domain Analysis
Pattern Analysis
Natural Language
Website Crawling
Not good for research
MailRunner: identifying ransomware and commodity malware
Bait Mailboxes
Block
Dewey Classification Engine
Convict, then pass on email attributes
Architecture
Fetch, Process, and Store
Check and Categorize
Sandbox
Analyzer
Block
Detections (one mailbox)
7.4k malicious emails
15k unique domains
Takeaways
1. Commodity malware ruins it
2. Disposable mailboxes FTW
3. LacedMail.com
4. MailRunner open source soon!
Thanks! -@brad_anton